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REMARKS 

Claims 1-2, 4-20, 31, 38-41, and 43-48 are pending in the application. 

The examiner rejected independent claims 1, 38, and 47 under 35 U.S.C. § 103(a) as 
being unpatentable over Jones in view of ElGamal. The examiner admits that Jones does not 
disclose: 

[a] protocol between a client which has a client secret and a server which 
has a server secret to compute a third secret from the client secret and the 
server secret, wherein the protocol is implemented so that the client 
obtains the third secret and cannot feasibly determine the server secret, 
and the server cannot feasibly determine die client secret or the third 
secret 

as recited in claims 1, 38, and 47, and relies on ElGamal to supply this feature. The examiner 
argues that: 

Elgamal discloses a key distribution scheme wherein the party A and B 
compute the secret Kab. . . The party A has a secret x A and B has a secret 
x B . The party A, which corresponds to the client, obtains the third secret 
(Kab). The party A has a secret x A and B has a secret x B , therefore the 
party A cannot determine the secret of Party B and Party B cannot 
determine the secret of Party A (Office Action, p. 3). 

However, even if we assume that party A is the client with client secret x A , party B is the server 
with server secret x B , and Kab is the third secret, and even if parties A and B cannot determine 
each other's secrets, ElGamal 's scheme is missing an important element of the claim. 
Specifically, ElGamal does not teach or suggest a protocol in which the server, i.e., party B, 
cannot feasibly determine the third secret, i.e., K A b, as required by the claim. 

In fact, ElGamal discloses exactly the opposite of what is required by the present claims. 
More specifically, both party A and party B need to know Kar . According to ElGamal: 

Suppose that A and/? want to share a secret K^ ... A computes y A =c? A 
mod p, and sends y A . Similarly, B computes ya=a xB mod p and sends y B . 
Then the secret Kab is computed as 

Kab = ^ m °d P 
= y/*mod/> 
= yB** mod p 

Hence, both A and B are able to compute Kab (p. 469, emphasis added). 

After computing Kab, parties A and B securely communicate with each other by encrypting 
messages using Kab and decrypting the encrypted messages with x A and x B . ElGamal provides 
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an example of how to do this: party A selects a random value k, which is equivalent to x A ; 
calculates K, which is equivalent to K A b; and encrypts message m under K by computing c\ = a* 
mod p and c 2 =Km mod /?. Then, party A sends c x and c 2 to party B (p. 469). Party B recovers 
message m by first recovering K, and then using K to decrypt m: 

The decryption operation splits into two parts. The first step is 
recovering K, which is easy for B since KKab = (a*)** = mod p, and 
x B is known to B only. The second step is to divide c 2 by K and recover 
the message m (p. 469). 

So, party B recovers K so that it can decrypt message m. Therefore party B knows K . 

In order for ElGamal's scheme to work, both A and B must know K . But if one equates 
party B with the claimed "server," and K (which is equivalent to Kab) with the claimed "third 
secret," ElGamal explicitly teaches awav from a protocol wherein the "server cannot feasibly 
determine the client secret or the third secret," as is required by claims 1, 38, and 47, and claims 
dependent thereon. 

For at least the reasons stated above, applicant believes the pending application is in 
condition for allowance, and asks the examiner to allow the claims to issue. 

A request for a three-month extension of time accompanies this response. Please charge 
the extension fee for this request to Deposit Account No. 08-0219. Please apply any charges not 
covered, or any credits, to Deposit Account No. 08-0219. 

Respectfully submitted, 

Dated: July 28, 2006 
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Registration No.: 32,590 
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60 State Street 

Boston, Massachusetts 02109 
(6170 526-6043 (telephone) 
(617) 526-5000 (facsimile) 
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